I don't know much about security.
net_lover(孟子E章)'s
"select * from table where item='" +D1 + "'" does work, but if this query statement can be attacked, should I instead use
zhanqiangz(闲云野鹤)'s version?
' cnn is an open SqlConnection (Imports System.Data.SqlClient)
Dim strCmd As String = "select * from table where item=@item"
Dim cmd As New SqlCommand(strCmd, cnn)
' Parameters.Add(name, value) is obsolete in .NET 2.0+; AddWithValue binds the value the same way
cmd.Parameters.AddWithValue("@item", Request.Form("t1").ToString())
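An added example (not from the thread, and written in Python with sqlite3 rather than VB.NET/ADO.NET) that runs the two patterns discussed above side by side on constructed data; the `?` placeholder stands in for SqlCommand's @item parameter:

```python
import sqlite3

# Constructed sample data (not from the original post): one value contains
# a single quote, the character that breaks string concatenation.
ROWS = [("widget",), ("O'Brien",), ("gadget",)]


def make_db():
    """In-memory database standing in for the post's `cnn` connection."""
    cnn = sqlite3.connect(":memory:")
    cnn.execute("CREATE TABLE item_table (item TEXT)")
    cnn.executemany("INSERT INTO item_table VALUES (?)", ROWS)
    return cnn


def query_concat(cnn, d1):
    """net_lover's pattern: the value is spliced into the SQL text,
    so whatever the user typed is parsed as part of the statement."""
    sql = "select * from item_table where item='" + d1 + "'"
    return cnn.execute(sql).fetchall()


def query_param(cnn, d1):
    """zhanqiangz's pattern: a placeholder in the SQL text and the value
    bound separately. The driver sends the value as data, so quote
    characters inside it are never interpreted as SQL."""
    sql = "select * from item_table where item=?"
    return cnn.execute(sql, (d1,)).fetchall()


def compare(d1):
    """Run both forms on the same input and return (concat_result, param_result);
    concat_result is the error text if the spliced statement failed to parse."""
    cnn = make_db()
    try:
        concat = query_concat(cnn, d1)
    except sqlite3.Error as exc:
        concat = f"error: {exc}"
    param = query_param(cnn, d1)
    cnn.close()
    return concat, param


if __name__ == "__main__":
    for value in ("widget", "O'Brien"):
        print(repr(value), "->", compare(value))
```

For a plain value both forms agree; for a value containing a quote the concatenated statement is malformed while the parameterized one simply finds the row.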